The end of support means the OS no longer receives patches against viruses, spyware and other malware that might seek to exploit the system. The US Computer Emergency Readiness Team warns that those running Windows Server 2003 risk "loss of confidentiality, integrity, and/or availability of data, system resources and business assets".

Despite these risks, Netcraft says 175 million websites - what it terms "one-fifth of the internet" - are hosted on machines running Windows Server 2003. The OS also appears to be in use on computers sitting behind web servers for a further 1.7 million sites.

The US and China together account for 55 percent of the machines running Windows Server 2003, with 166,000 in the US and 169,000 in China.

Paul Mutton, who works on security and investigations for Netcraft, said the unsupported nature of Windows Server 2003 makes it a tempting target for attackers - which is why it is important for firms to switch away from the OS as soon as possible.

"As time goes by, there will be some vulnerabilities that affect Windows Server 2003 and if those allow things like remote code execution and so on, we're likely to see a massive number of web-facing computers and a much larger number of websites getting hacked. These could then go on to distribute malware and even be made into botnets to enable other attacks.

"Of course, because Windows Server 2003 is now unsupported, those people who try to find vulnerabilities might even now be particularly focusing on this platform because they know it won't be fixed."

Windows Server 2012 R2 is the most recent version of Microsoft's server operating system, and is available under a variety of licensing options. In part, Netcraft blames the cost of moving to a more recent Microsoft OS for the proportion of machines still running Windows Server 2003.

"[That proportion] is over 10 percent of all web-facing computers, and shows the true potential cost of migration," the report states.

Moving a server to a Linux-based OS can be difficult for organisations that have traditionally used Windows Server, Mutton said, particularly if they rely heavily on scripts written for ASP.NET, Microsoft's server-side web application framework.

The report lists several major firms and banks still running Windows Server 2003 machines, including UK bank NatWest, part of the larger publicly owned Royal Bank of Scotland (RBS).

However, while Microsoft is no longer supporting the OS for most users, it will offer fixes for the OS to organisations willing to pay for a custom-support deal.

Firms that use Windows Server 2003 to serve sites handling financial information, and that have no such custom-support deal in place, could be in breach of data security standards, according to Netcraft - which carries out security testing and assessments for companies.

The Netcraft report said: "Many merchants still using Windows Server 2003 are likely to be noncompliant and could face fines, increased transaction fees, reputational damage, or other potentially disastrous penalties such as cancelled accounts."

Netcraft says it determines the operating system of web servers by analysing the low-level TCP/IP characteristics of response packets, and so its figures are independent of whichever server software the site claims to be running.